Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

NTP Time synch... Headwrecker!

  • 05-10-2010 1:26pm
    #1
    Registered Users, Registered Users 2 Posts: 7,055 ✭✭✭


    I've a 2008 Active Directory server that is the PDC emulator in the domain, but I just can't get it to synch with an external time source. The server has been isolated in it's own AD container so no GPO settings should be effecting it.

    We have a switch that is configured for NTP that we point all our servers at, Iv’e tried setting the NTP synch using the manual peer list command
    w32tm /config /manualpeerlist:

    I’ve applied the recommendations outlined in this document to configure the server as an authoritative time server
    http://support.microsoft.com/kb/816042

    But when I query the status the source is listed as the local CMOS clock

    w32tm /query /status

    Leap Indicator: 0(no warning)
    Stratum: 1 (primary reference - syncd by radio clock)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.0000000s
    Root Dispersion: 10.0000000s
    ReferenceId: 0x4C4F434C (source name: "LOCL")
    Last Successful Sync Time: 04/10/2010 17:04:59
    Source: Local CMOS Clock
    Poll Interval: 6 (64s)

    The server just will not synch wit the IP address supplied as the external time source.
    Now if I use the w32tm stripchart command to check the local time against the specified time source it will reply and tell me how far out of sync the server is from the source, but still it looks to the cmos clock no matter what changes I make or the number of times I restart the NTP service.

    Collecting 5 samples.
    The current time is 05/10/2010 14:22:21.
    14:22:21, +00.1580697s
    14:22:23, +00.1530885s
    14:22:25, +00.1521974s
    14:22:27, +00.1524104s
    14:22:29, +00.1525851s


    Anybody seen somthing similar?


Comments

  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    To check the time server settings use: “net time /querysntp”
    To set a time server use: “net time /setsntp:{Server Address}”

    To force update from the time server use:
    net stop w32time
    net start w32time

    w32tm /resync /rediscover

    net time /setsntp:pool.ntp.org

    W32TM /resync /rediscover
    W32TM /resync /nowait


    On the phone so cant write, Ill report back in 5/10 min when Im off the call. Try those in the mean time


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    Are you using the 169* address range?

    Have you disabled the Windows Firewall?

    Is the switch in the same LAN?

    This command should work fine -- net time /setsntp:"Pool.NTP.org" (without the " ")


  • Registered Users, Registered Users 2 Posts: 7,055 ✭✭✭conorhal


    Cheers guys

    When I try recynching I get the following.

    "Sending resync command to local computer
    The computer did not resync because no time data was available"

    The windows firewall is disabled.

    The server itself in response to a w32tm /query /status indicates that it is looking to the local cmos clock for it's time source despite being configured as an authorative server with a nominated external source.

    Unfortunately I can't synch with an external time source on the internet directly because the server does not have outbound access to the web, it's heavily firewalled so it has to synch with one of our internal cisco switches that is configured to act as an NTP server (which in turn synchs off an atomic clock somewere).
    This switch is accessable using UDP port 123 in both directions and if if I use a stripchart command:
    w32tm /stripchart /computer: (IPaddress of NTP switch) /samples:5 /dataonly
    I do get information as to how far out of synch I am with the switch time.

    While the NTP switch is on a different LAN, routing to the lan is configured and confirmed by getting time data from the switch using the stripchart command

    I've also tried to force recognition of the external source using the:
    w32tm /config /manualpeerlist: (IP of Switch) /syncfromflags:manual /reliable:yes /update

    All to no avail.

    It's a wierd one, mostly because it refuses to recognise the external source, if it was saying that it failed to update from it I could go from there, but to just not even look for it?


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    Not sure if this will help but have you tried Right clicking on the Command Prompt, Run as Administrator and running the commands that way.

    I know a couple of commands that only run successfully on WS2008 R2 that way.


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    Just to be sure.

    Try the following

    net stop w32time
    net time /setsntp:time.nist.gov
    net start w32time

    Double check that UDP 123 is open on the switch.. its weird one. The only other thing I can think of is if something else is using port 123 on the server or if your Security policy has already been applied to the server and locked it down somehow..


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,055 ✭✭✭conorhal


    Thanks again for the suggestions guys (I'm presuming guys of course...)

    After running every NTP command under the sun to force a synch, editing the registry and trawling through a hierarchy of group policies, it turns out that the problem was the local group policy on the server, it's automatically configured as enabled and looks to windows time. I really fudging hate Windows 2008, it seems designed to make life difficult, feckin' nightmare! :mad:


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    Well one guy anyway ;)

    At least you got it working in the end. I quite like WS2008 its got some quirks but its good overall.


Advertisement